Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help TR/Drop.RQU.119'[trojan] in C:\WINDOWS\system32...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

help TR/Drop.RQU.119'[trojan] in C:\WINDOWS\system32...

Unread postby anna-nat » December 30th, 2010, 3:50 am

Avira Guard found this:
TR/Drop.RQU.119'[trojan] nel file 'C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Internet Name Service\updrem.exe'

I can't seem to remove it in any way.... HELP please
this is the hijack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.49.32, on 30/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati

applicazioni\Windows Internet Name Service\wins.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
D:\documenti\Downloads\SpyBot\Spybot - Search &

Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
D:\documenti\Varie\NPSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
c:\programmi\avira\antivir desktop\avcenter.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.tgcom.mediaset.it/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)

=

http://it.rd.yahoo.com/customize/ycomp/ ... //it.yahoo

.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchBar.InitToolbarBHO -

{1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: Skype add-on (mastermind) -

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} -

D:\documenti\Downloads\skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

D:\DOCUME~1\DOWNLO~1\SpyBot\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File

comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog

Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog

Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD

Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Synchronization Manager]

%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir

Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer]

D:\documenti\Downloads\SpyBot\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent]

D:\documenti\Varie\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer

- {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

D:\documenti\Downloads\skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

D:\DOCUME~1\DOWNLO~1\SpyBot\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy

Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

D:\DOCUME~1\DOWNLO~1\SpyBot\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

- C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui -

{438755C2-A8BA-11D1-B96B-00A0C90312E1} -

C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di

componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} -

C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner -

C:\Programmi\File comuni\ArcSoft\Connection

Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira

GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH -

C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FsUsbExService - Teruten -

C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Servizio di Google Update (gupdate1c98de2880c5b2a)

(gupdate1c98de2880c5b2a) - Google Inc. -

C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google -

C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Programmi\File

comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG -

C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service

(LightScribeService) - Hewlett-Packard Company - C:\Programmi\File

comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service

(default)) - Analog Devices, Inc. - C:\Programmi\Analog

Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -

C:\Programmi\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Internet Name Service - Unknown owner -

C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati

applicazioni\Windows Internet Name Service\wins.exe

--
End of file - 8516 bytes
anna-nat
Active Member
 
Posts: 1
Joined: December 30th, 2010, 3:35 am
Advertisement
Register to Remove

Re: help TR/Drop.RQU.119'[trojan] in C:\WINDOWS\system32...

Unread postby deltalima » December 30th, 2010, 5:10 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: help TR/Drop.RQU.119'[trojan] in C:\WINDOWS\system32...

Unread postby deltalima » December 30th, 2010, 5:17 pm

Hi anna-nat,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

First thing I would like you to do is to turn Word Wrap off in Notepad:
  • Open Notepad then on the Toolbar click Format.
  • Make sure Word Wrap is unticked then close Notepad.

Now please post a new HijackThis log.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: help TR/Drop.RQU.119'[trojan] in C:\WINDOWS\system32...

Unread postby Gary R » January 2nd, 2011, 6:43 pm

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21871
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware